George Valpak wrote:
Yes. I've never done this myself personally, but people have reported success doing this. The trick is to configure apache so that your LOGIN handler is not inside the authentication realm. Since your wanting to protect the whole server, the trick is to use LocationMatch directives to specify that everything EXCEPT /LOGIN (or whatever your login handler is) gets protected.Is it possible to protect an entire site, from DocumentRoot, using AuthCookie?
I dont have a configuration to post to you that will work because I've never done it, but its definitely possible becuase others have had success with it.
Mike
